Connect OpenWrt as a client to VPN server l2tp

Basically the title says it all.

I have an VPN Server running, but I want to connect my raspberry pi with OpenWRT as a client to my VPN Server which uses a L2TP protocol.

But good to know, I have made this raspberry pi with an external wifi antenna. I have followed this video ( to be precise and the settings are almost the same except that I am working with a WireGuard protocol.

But now I want to connect with my own VPN Server (which is a NAS from Synology) with the L2TP protocol.

How do i do this?

the end goal is that I want my home network accessible for example in Switzerland.

Im not an expert but i think this is what you need:

To connect your Raspberry Pi running OpenWRT to your Synology NAS VPN server using L2TP protocol, you can follow these steps:

  1. Install the xl2tpd package on your Raspberry Pi running OpenWRT by using the command:
opkg update
opkg install xl2tpd
  1. Configure the /etc/xl2tpd/xl2tpd.conf file on your Raspberry Pi by adding the following lines:
[lac myvpn]
lnswan ip <Synology_NAS_IP_Address>
lnsauth = yes
eap = no
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
redial = yes
redial timeout = 5
refuse pap = yes
refuse chap = yes
require authentication = yes
name = <Your_VPN_Username>
password = <Your_VPN_Password>

Replace <Synology_NAS_IP_Address>, <Your_VPN_Username>, and <Your_VPN_Password> with your actual Synology NAS IP address, VPN username, and VPN password.

  1. Create the /etc/ppp/options.l2tpd.client file on your Raspberry Pi by adding the following lines:
mtu 1200
mru 1200
  1. Restart the xl2tpd service on your Raspberry Pi using the command:
/etc/init.d/xl2tpd restart
  1. Verify that the L2TP tunnel is up by checking the output of the ipsec status and xl2tpd-control status commands.

Regarding the issue with your internet connection and DNS, it is possible that the VPN client configuration has caused a misconfiguration of the network settings. You can try the following steps to troubleshoot the issue:

  1. Verify that your Raspberry Pi is still connected to the network and has a valid IP address assigned.

  2. Check the DNS settings on your Raspberry Pi by running the command:

cat /tmp/

It should contain the IP address of your DNS server. If it is not set correctly, you can try manually setting the DNS server by editing the /etc/config/network file and adding the following lines:

config interface 'wan'
    option dns '<Your_DNS_Server_IP_Address>'

Replace <Your_DNS_Server_IP_Address> with the IP address of your DNS server.

  1. Check the routing table on your Raspberry Pi by running the command:
ip route

It should contain the default route to your internet gateway. If it is missing or incorrect, you can try manually setting the default route by running the command:

ip route add default via <Your_Internet_Gateway_IP_Address>

Replace <Your_Internet_Gateway_IP_Address> with the IP address of your internet gateway.

  1. Finally, you can try restarting the network services on your Raspberry Pi by running the commands:
/etc/init.d/network restart
/etc/init.d/firewall restart

This should reapply the network settings and restart the firewall service.

1 Like

Thanks for the reply, i am going to try if this works! I will keep you updated.

Little side question, is it also possible to use SoftEther or not?

Like server or like a client?

Eventually I want that my VPN server (the nas) sees the OpenWrt (raspberry pi) as a client so I can passthrough the location of my nas to the OpenWrt.

Small update my internet is working again.

Which commands? Or am I blind :see_no_evil:

Unfortunately this doesn't do the trick.

Is L2TP/IPsec a hard requirement for you?

Wireguard is much easier to configure (and is probably the most popular now due to its performance and ease of use), and even OpenVPN is more common. Although I can only speak for myself insofar as not having any experience with configuring L2TP/IPsec tunnels, my impression is that relatively few of the active forum members have much experience with it, too... so you can also generally get better (more salient) advice if you can use WG or OpenVPN.

1 Like

Ah okay, thank you for your response. Because the end goal is that I want my home network accessible for example in Switzerland. And my NAS only works with OpenVPN, PPTP and L2TP. So I thought that L2TP would be better to do this.

well, i tried l2tp last week and it is worked from LUCI
plain l2tp without IPSEC
only additional requirement was kmod-mppe

tested on OpenWrt 22.03.4

OpenVPN would be a good option here, then.

FWIW, avoid PPTP entirely... it is not even remotely secure and not suitable for use on the internet.

1 Like

Ah okay, well I use version: 21.02.3

Okay then I will try to configure OpenVPN

1 Like

Are there other things I should reckon with?

I don't understand what you're asking? OpenVPN isn't trivial to setup, but it is well documented. The details of your server configuration depend on the NAS, of course... but generally speaking, the OpenWrt docs on the subject have lots of info for both the server and client sides.

So the best way is to use OpenVPN if I want access to my home-network? But for example an iPhone doesn't support OpenVPN or am I wrong?

OpenVPN is supported on most platforms... you just need to install the client app (available for free from the app store on iOS and Android).

But, to be clear, if you're using your NAS's OpenVPN server and the client is your phone, this is not an OpenWrt related topic anymore. If you're setting up the server and/or client on OpenWrt, we're here to help, of course.

Yeah of course I understand, but the main goal is that I can connect my raspberry (which runs openwrt) with my own VPN server and to have access to my home-network wherever I am

sure... this is possible with OpenVPN installed on your OpenWrt Pi. In that case, you won't need to use the OpenVPN client on your phone unless you'll be using your phone separately from your Pi.

Well since I am still a rookie in these kinda stuff. I can use a little help if you guys don't mind :see_no_evil:.

Because how do I connect to my own VPN server with the OpenWrt GUI?